Cisco's Legacy Firewalls
Ciscoís ASA 5500-X Series, ASA 5500 Series, and PIX firewall appliances provide combined firewall, VPN, and intrusion prevention system services in single-box packages, delivering a broad range of features to meet the security needs of organizations from small businesses to enterprises and ISPs. Ciscoís ASA 5500-X Series, ASA 5500, and PIX firewalls enable IT security staffs to protect their network edge and offer secure remote access while utilizing powerful management tools based on Cisco's world-class firewall technology.
Ciscoís ASA 5500 Series and PIX 500 firewalls have reached end-of-life but are still commonly used in small and mid-size organizations and in some enterprise data centers. Ciscoís ASA 5500-X Series Next-Generation Firewalls deliver substantially more value and have superseded Cisco's ASA 5500 and PIX families of firewalls for new deployments. Still, Cisco's legacy firewall appliances, if properly maintained, can offer a high degree of security by providing a variety of services including firewall, VPN tunneling, and IPS.
Since Cisco's purchase of Sourcefire, the entire family of Cisco ASA 5500-X firewalls can be configured to support Firepower Services, based on Sourcefire's Snort product, which is the world's most deployed network intrusion protection system (IPS). Firepower services bring powerful new capabilities such as advanced malware protection (AMP), URL filtering, dynamic threat analytics, and automation.
Progent's Cisco CCIE-premier network consultants can assist your organization to support and troubleshoot legacy ASA 5500 Series and PIX firewall appliances and can also help you to design and carry out a smooth upgrade to Ciscoís ASA 5500-X firewalls with Firepower. Progent can also help you to design, integrate, optimize, manage and troubleshoot new firewall ecosystems based on Cisco's latest ASA 5500-X models with Firepower Services. Progent can also help your organization to migrate from your Cisco ASA 5500-X deployment to Cisco's latest Firepower Next Generation Firewalls (NGFWs).
Cisco's ASA 5500-X Firewall Product Family
Cisco's extensive line of ASA 5500-X firewalls features an improved substitute for every rack-mountable unit in the older ASA 5500 generation of devices. Each ASA 5500-X firewall is suited for the same market as the corresponding previous models, which gives small and midsize businesses plenty of choice for picking a firewall that aligns with their security requirements and budgets. All ASA 5500-X firewalls build on Cisco's proven stateful-inspection firewall technology and all include purpose-built 64-bit hardware with multicore CPUs and are capable of running Cisco's powerful protection services. All models in Cisco's ASA 5500-X product line deliver dependable protection across any mix of physical, virtual, and cloud deployments.
For additional details about Cisco's ASA 5500-X security appliances, Cisco Firepower services, and Progent's consulting for Cisco ASA security appliances, see Cisco Firepower integration and troubleshooting consulting
Cisco's Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X security appliances work with either software or hardware modules that support Cisco's Firepower Services, which provide layered protection against sophisticated attacks. Firepower Services are based on technology adopted by Cisco from Sourcefire. Key features of Firepower Services for ASA security appliances include:
- Multi-layer protection against familiar and zero-day attacks
- Advanced Malware Protection that uses big data to find and mitigate security breaches
- A Next-Generation Intrusion Prevention System that performs contextual analysis that covers clients, infrastructure, apps, and content to detect attacks that incorporate simultaneous vectors
- High-resolution Application Visibility and Control (AVC that is familiar with thousands of applications and can automatically launch both standard and custom IPS policies depending on the severity of threats
Firepower Services for ASA 5500-X firewalls provide multi-layered security
Simpler implementations of ASA firewalls can be effectively administered via Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based tool provided with all ASA 5500-X versions. ASDM provides a convenient web console for deploying, administering, and troubleshooting ASA 5500-X devices and modules.
For more complex environments, ASA 5500-X appliances with Firepower Services can be administered with Cisco's Firepower Management Center, implemented as one or several physical units or virtual appliances. Firepower Management Center provides centralized firewall management, Application Visibility and Control, advanced IPS, URL filtering, and Advanced Malware Protection. Because of frequent rebranding since Cisco's acquisition of Sourcefire Defense Center, Cisco's Firepower Management Center has been delivered under several names including Cisco Defense Center, Cisco Firesight Defense Center, and FireSIGHT Management Center.
Firepower Management Center offers features beyond those available with Cisco's on-box ASDM utility. Extra features include expanded context awareness, Cisco's Advanced Malware Protection with remediation for user devices, a dashboard that provides dynamic infrastructure visualization, automated policy optimization driven by impact evaluation of threats, comprehensive IPS, custom app detectors for Application Visibility and Control, customized health notifications, enhanced reporting options, and application interfaces for host input and database access. Hardware-dependent features like clustering, stacking, switching, routing, VPN, and NAT must be handled using the on-device ASDM or the ASA command line interface.
Cisco ASA 5500 Firewalls
Cisco Adaptive Security Appliances 5500 Series Firewalls leverage technology behind Cisco's PIX 500 firewall, Cisco's IPS 4200 Series sensor, and the VPN 3000 family concentrator. These technologies converge on the Cisco ASA Firewall family to offer a firewall that stops the widest range of threats. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls deliver application protection, local containment, and safe Virtual Private Network functionality throughout the entire product line. This broad scope of protection allows defense of any network segment, which includes the most common attack conduits like remote sites, LAN-connected inside users, and off-site access VPNs.
The expandable architecture of the Cisco ASA 5500 Series permits you to add more security services by installing service modules and security service cards (SSCs). These easy-to-install options give you the ability to add Intrusion Protection and content protection functions like filtering virus, worms, and phishing assaults and executing file and URL filtering. Beside allowing your IT staff to react quickly to new threat environments, the extensible architecture of the Cisco ASA 5500 family also protects your hardware investment by increasing the useful life of your security appliances. The Cisco ASA 5500 family also protects your investment in administrative staff training by supporting the familiar set of PIX security management tools and protocols including the Cisco ASDM platform, protected command-line interface availability, syslog, and SNMP.
Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls deliver a high-level of application protection via smart, application-sensitive inspection engines that analyze network flows at Layers 4-7. The result is a more secure environment covering Web, voice, and 3G-mobile wireless services. To defend networks against application-layer assaults and to provide stronger policing of the programs and protocols used in their environments, Cisco's inspection engines incorporate broad application and protocol knowledgebases and employ security enforcement solutions that include anomaly sensing and application and protocol state tracking. Also included are assault detection and remediation technology including application and protocol command filtering and URL deobfuscation. Cisco Adaptive Security Appliances firewall inspection engines also provide management of instant messaging and tunneling applications, allowing businesses to police usage policies and conserve network bandwidth for critical business applications.
For more details about Progent's support services for Cisco's ASA 5500 firewalls, visit Cisco ASA 5500 firewalls integration and troubleshooting consulting.
PIX Security Appliance Series
Built upon a hardened, specialized OS that delivers a wealth of security features, Cisco PIX firewalls offer a high level of protection and have received Common Criteria Evaluation Assurance Level 4 status and ICSA Labs Firewall and IPsec qualification. Cisco PIX firewall appliances provide protection for a broad range of VoIP and additional mixed-media conventions including H.323 v. 4, Session Initiation Protocol, SCCP, RTSP, and Media Gateway Control Protocol (MGCP), helping businesses to safeguard installations of a wide range of contemporary and upcoming VoIP and multimedia applications.
PIX firewall appliances feature a variety of configuration, monitoring, and troubleshooting options, providing businesses the flexibility to use the techniques that best meet their requirements. Management solutions include common, policy-based administration utilities, integrated web-accessible management, and compatibility with remote-monitoring protocols like SNMP and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) interface offers a world-class Web-accessible management solution that greatly streamlines the deployment, in-place configuration, and tracking of a specific PIX firewall without the need of any additional software beyond a standard browser and Java applet to be running on a manager's PC.
Administrators can also remotely set up, monitor, and analyze Cisco PIX firewall appliances using a command-line interface. Secure command-line interface communication is available using several techniques including Secure Shell Protocol, Telnet over IP Security, and out-of-band via a console port. Cisco PIX firewall appliances also include robust automatic-update capabilities, a collection of advanced secure remote-administration options that ensure firewall configurations and software images are kept current.
For more information about Progent's consulting services for PIX 500 firewalls, see Cisco PIX 500 firewalls integration and troubleshooting consulting.
Progent's Migration Consulting for Cisco Firewalls
Because Cisco has discontinued offering the PIX 500 and ASA 5500 families of firewalls, many businesses are uncomfortable with relying on a critical infrastructure mechanism that might no longer be supported. ASA 5500-X and Firepower Series security appliances offer the benefit of being new products and also offer a number of technical and budgetary advantages in comparison to PIX firewalls. These advantages include significantly higher performance, optional SSL tunneling capability, and a modular architecture that protects your investment by allowing you to self-install new security services when and if you need them. Progent's CCIE-certified network engineers can assist you to determine the strategic case for moving from PIX 500 or Cisco ASA 5500 firewalls, design a migration process that allows for a fast and seamless upgrade, help your IT staff to deploy new ASA 5500-x or Firepower Series appliances, and provide online, consulting, and troubleshooting services.
Other Ways Progent Can Assist Your Business with Cisco ASA and PIX Firewalls
Cisco's Firepower NGFW Series, ASA 5500 Series, and PIX security appliances incorporate an array of setup, monitoring, and analysis features which give you the flexibility to deploy these security appliances to align optimally with your company's requirements. Progent's CCIE certified network experts can assist you to install an efficient network infrastructure that includes Cisco firewalls and that offers advanced protection, resilience, performance, and manageability. Progent's GISA and CISSP-ISSP-premier information security consultants can help you to create a security policy that makes sense for your situation and can configure your firewall to enforce your security policies. Progent's security evaluation engineers can assess the strength of your existing firewall solution and validate the security of your whole IT environment. Progentís Help Desk Call Center can deliver emergency remote technical support for Cisco products and can give you quick access to a Cisco CCIE network engineer.
For more details concerning Progent's consulting support for Cisco technology, pick a subject:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
In order to ask Progent about technical expertise for Cisco products, call 1-800-993-9400 or see Contact Progent.